Messenger virus, internet not working. HJT + ComboFix logs

Discussion in 'Viruses and malware - HijackThis logs' started by mAtu_, Jun 22, 2008.

  1. mAtu_

    The computer is extremely sluggish, the internet doesn't work and the mouse moves on its own. A week ago I got a Messenger virus.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:58, on 2008-06-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.238.88.64:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: {2e4dbf05-166d-743b-ab14-20795ec5c9a0} - {0a9c5ce5-9702-41ba-b347-d66150fbd4e2} - C:\WINDOWS\system32\ffavjdax.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows svchost] ups.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [fcd0d9d2] rundll32.exe "C:\WINDOWS\system32\dpjlhnpe.dll",b
    O4 - HKLM\..\Run: [BMffe3ea4e] Rundll32.exe "C:\WINDOWS\system32\ntvkqvqi.dll",s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: efcDwUoP - efcDwUoP.dll (file missing)
    O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 14603 bytes







    ComboFix 08-06-20.4 - Mika 2008-06-22 15:28:24.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.121 [GMT 3:00]
    Running from: C:\Documents and Settings\Mika\Työpöytä\SFScript.exe
    * Created a new restore point
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    C:\Program Files\Seekmo Programs
    C:\WINDOWS\BMffe3ea4e.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\awttSiih.dll
    C:\WINDOWS\system32\bbxdwxpt.dll
    C:\WINDOWS\system32\bilnoich.ini
    C:\WINDOWS\system32\cuoritmx.dll
    C:\WINDOWS\system32\DJjlRtwa.ini
    C:\WINDOWS\system32\DJjlRtwa.ini2
    C:\WINDOWS\system32\epnhljpd.ini
    C:\WINDOWS\system32\fbsgvtep.ini
    C:\WINDOWS\system32\gbhaatlv.ini
    C:\WINDOWS\system32\jriocaeh.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdsosdut.ini
    C:\WINDOWS\system32\nsotomor.ini
    C:\WINDOWS\system32\qpbnbhic.ini
    C:\WINDOWS\system32\qqedtmxl.ini
    C:\WINDOWS\system32\rXEKRqss.ini
    C:\WINDOWS\system32\rXEKRqss.ini2
    C:\WINDOWS\system32\ssqRKEXr.dll
    C:\WINDOWS\system32\tsewiqjp.ini
    C:\WINDOWS\system32\uviwvtyo.ini
    C:\WINDOWS\system32\widkiwkk.ini
    C:\WINDOWS\system32\xcbhnaqq.ini
    C:\WINDOWS\system32\xjwlymja.ini
    E:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-22 to 2008-06-22 )))))))))))))))))
    .

    2008-06-22 15:37 . 2008-06-22 15:37 110,419 --a--c--- C:\WINDOWS\BMffe3ea4e.xml
    2008-06-21 19:30 . 2008-06-21 19:30 81,408 --a--c--- C:\WINDOWS\system32\dpjlhnpe.dll
    2008-06-21 19:27 . 2008-06-21 19:27 99,328 --a--c--- C:\WINDOWS\system32\ffavjdax.dll
    2008-06-21 19:24 . 2008-06-21 19:24 90,112 --a--c--- C:\WINDOWS\system32\ntvkqvqi.dll
    2008-06-21 19:05 . 2008-06-21 19:14 <KANSIO> d----c--- C:\Program Files\EA GAMES
    2008-06-20 19:24 . 2008-06-20 19:24 99,840 --a--c--- C:\WINDOWS\system32\kqbpikse.dll
    2008-06-20 19:24 . 2008-06-20 19:24 90,112 --a--c--- C:\WINDOWS\system32\ugftimxj.dll
    2008-06-19 11:43 . 2008-06-19 11:43 <KANSIO> d----c--- C:\Program Files\Steam-Down
    2008-06-19 11:41 . 2008-06-19 11:41 89,600 -----c--- C:\WINDOWS\system32\tdgrqmpu.0ll
    2008-06-19 11:41 . 2008-06-19 11:41 80,896 -----c--- C:\WINDOWS\system32\petvgsbf.0ll
    2008-06-18 00:47 . 2008-06-18 00:47 98,816 -----c--- C:\WINDOWS\system32\wpeibbkl.0ll
    2008-06-18 00:45 . 2008-06-18 00:45 90,112 --a--c--- C:\WINDOWS\system32\yvmpbodu.0ll
    2008-06-18 00:45 . 2008-06-18 00:45 82,432 --a--c--- C:\WINDOWS\system32\romotosn.0ll
    2008-06-16 22:30 . 2008-06-16 22:30 99,328 -----c--- C:\WINDOWS\system32\rfckarnl.0ll
    2008-06-16 22:24 . 2008-06-16 22:24 90,112 -----c--- C:\WINDOWS\system32\wqsacypx.0ll
    2008-06-16 19:35 . 2008-06-16 19:35 <KANSIO> d----c--- C:\Program Files\AviSynth 2.5
    2008-06-16 19:34 . 2008-06-16 19:34 <KANSIO> d----c--- C:\Program Files\Red Kawa
    2008-06-15 22:24 . 2008-06-15 22:24 99,840 -----c--- C:\WINDOWS\system32\rcmtopar.0ll
    2008-06-15 22:22 . 2008-06-15 22:22 90,112 -----c--- C:\WINDOWS\system32\ghqhoyex.0ll
    2008-06-15 22:04 . 2005-01-01 23:45 <KANSIO> d----c--- C:\Documents and Settings\Ella\WINDOWS
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Verkkoympäristö
    2008-06-15 22:04 . 2005-01-01 23:49 <KANSIO> d----c--- C:\Documents and Settings\Ella\Työpöytä
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Tulostinympäristö
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Suosikit
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Omat tiedostot
    2008-06-15 22:04 . 2006-03-14 10:11 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Mallit
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Käynnistä-valikko
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> d----c--- C:\Documents and Settings\Ella
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-12 21:12 . 2008-06-12 21:12 80,896 -----c--- C:\WINDOWS\system32\kkwikdiw.0ll
    2008-06-11 18:59 . 2008-06-11 18:59 89,600 -----c--- C:\WINDOWS\system32\xhvnirpo.0ll
    2008-06-11 17:19 . 2008-06-11 17:19 89,600 --a--c--- C:\WINDOWS\system32\ycnpudyl.0ll
    2008-06-06 16:25 . 2008-06-10 16:51 51,072 --a--c--- C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-06-06 16:25 . 2008-06-10 16:51 30,016 --a--c--- C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-06-06 16:23 . 2008-06-06 16:23 2,560 -----c--- C:\WINDOWS\system32\vmhdkmmx.0xe
    2008-06-06 16:20 . 2008-06-06 16:20 134,656 -----c--- C:\WINDOWS\system32\imxlmmgj.0ll
    2008-06-06 16:17 . 2008-06-06 16:17 117,248 -----c--- C:\WINDOWS\system32\qqanhbcx.0ll
    2008-06-06 16:14 . 2008-06-06 16:14 125,440 -----c--- C:\WINDOWS\system32\xhbwiydg.0ll
    2008-06-06 15:39 . 2008-06-06 15:39 <KANSIO> d----c--- C:\Documents and Settings\Mika\Application Data\TurvaPC
    2008-06-06 15:34 . 2008-06-06 16:41 <KANSIO> d----c--- C:\Program Files\TurvaPC
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\TurvaPC
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-06-06 15:17 . 2008-06-06 15:17 2,560 -----c--- C:\WINDOWS\system32\qpfohcfh.0xe
    2008-06-06 15:15 . 2008-06-06 16:32 49,156 -----c--- C:\WINDOWS\ups.0xe
    2008-06-06 15:15 . 2008-06-06 16:35 49,156 -----c--- C:\sz.0xe
    2008-06-05 17:20 . 2008-06-22 15:37 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-06-05 17:20 . 2008-06-05 17:20 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2008-06-03 14:53 . 2008-06-05 09:24 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Omat tiedostot
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Työpöytä
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> dr---c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Suosikit
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Käynnistä-valikko
    2008-06-03 13:42 . 2008-06-03 13:42 <KANSIO> d--h-c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Mallit
    2008-06-02 17:32 . 2008-06-02 17:32 132,096 -----c--- C:\WINDOWS\system32\tsgoonwv.0ll
    2008-06-02 17:32 . 2008-06-02 17:32 2,560 -----c--- C:\WINDOWS\system32\cuddnlhc.0xe
    2008-06-01 16:55 . 2008-06-01 16:55 373,248 -----c--- C:\WINDOWS\system32\awtRljJD.0ll
    2008-06-01 16:51 . 2008-06-01 16:51 93,184 -----c--- C:\is154890.0xe
    2008-06-01 16:50 . 2008-06-02 14:10 3,423 --a--c--- C:\WINDOWS\is154890.exe
    2008-06-01 16:46 . 2008-06-01 16:46 86,512 --a--c--- C:\irc.0om
    2008-05-31 15:41 . 2008-06-01 16:41 60,124 -----c--- C:\bot.0xe
    2008-05-31 15:40 . 2008-05-31 15:39 86,512 -r-hsc--- C:\WINDOWS\service.0xe
    2008-05-28 17:57 . 2008-06-17 02:22 <KANSIO> d----c--- C:\Program Files\iTunes
    2008-05-28 17:57 . 2008-05-28 17:57 <KANSIO> d----c--- C:\Program Files\iPod
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Common Files\Apple
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Apple Software Update
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-27 19:21 . 2008-02-18 11:16 30,464 --a--c--- C:\WINDOWS\system32\drivers\usbaapl.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 10:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\uTorrent
    2008-06-21 19:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\Skype
    2008-06-20 17:41 --------- dc----w C:\Program Files\DC++
    2008-06-19 12:13 --------- dc----w C:\Program Files\Ski Jump International
    2008-06-19 12:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 12:11 --------- dc----w C:\Program Files\ZipCentral
    2008-06-12 09:38 --------- dc----w C:\Program Files\PAFPoker
    2008-06-10 13:57 --------- dc----w C:\Program Files\dna Nettiturva
    2008-06-06 13:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-06-06 13:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-06-05 14:50 --------- dc----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-06-05 14:48 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-05-27 16:24 --------- dc----w C:\Program Files\QuickTime
    2008-05-27 16:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 13:13 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2007-10-06 18:14 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32(2).exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a9c5ce5-9702-41ba-b347-d66150fbd4e2}]
    2008-06-21 19:27 99328 --a--c--- C:\WINDOWS\system32\ffavjdax.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 05:05 339968]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 23:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 13:52 1836544]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
    "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
    "fcd0d9d2"="C:\WINDOWS\system32\dpjlhnpe.dll" [2008-06-21 19:30 81408]
    "BMffe3ea4e"="C:\WINDOWS\system32\ntvkqvqi.dll" [2008-06-21 19:24 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDwUoP]
    efcDwUoP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqRKEXr

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-10 16:51]
    R0 Stealth;Stealth;C:\WINDOWS\system32\DRIVERS\stealth.sys [2002-06-21 10:58]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-06-10 16:50]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-18 07:26:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-22 08:08:25 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\DNANET~1\ANTI-V~1\report.txt
    "2008-06-22 11:36:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
     
  2. yaht

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:



    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension
    is not .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]


    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run a Scan, tick the following files listed in red, and remove them (Fix checked).


    O4 - HKLM\..\Run: [fcd0d9d2] rundll32.exe "C:\WINDOWS\system32\dpjlhnpe.dll",b
    O4 - HKLM\..\Run: [BMffe3ea4e] Rundll32.exe "C:\WINDOWS\system32\ntvkqvqi.dll",s
    O4 - HKLM\..\Run: [Windows svchost] ups.exe
    O20 - Winlogon Notify: efcDwUoP - efcDwUoP.dll (file missing)


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  3. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [​IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    =============

    Scan with HJT, tick these entries, and press Fix checked:

    O2 - BHO: {2e4dbf05-166d-743b-ab14-20795ec5c9a0} - {0a9c5ce5-9702-41ba-b347-d66150fbd4e2} - C:\WINDOWS\system32\ffavjdax.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows svchost] ups.exe
    O4 - HKLM\..\Run: [fcd0d9d2] rundll32.exe "C:\WINDOWS\system32\dpjlhnpe.dll",b
    O4 - HKLM\..\Run: [BMffe3ea4e] Rundll32.exe "C:\WINDOWS\system32\ntvkqvqi.dll",s
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZCfox000
    O20 - Winlogon Notify: efcDwUoP - efcDwUoP.dll (file missing)
    O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
     
  4. mAtu_

    mAtu_ Member

    Joined:
    Jun 22, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    11
    Hopefully it went right. I did the things mentioned in both sets of instructions.





    ComboFix 08-06-20.4 - Mika 2008-06-22 18:34:15.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.201 [GMT 3:00]
    Running from: C:\Documents and Settings\Mika\Työpöytä\SFScript.exe
    Command switches used :: C:\Documents and Settings\Mika\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\bot.0xe
    C:\irc.0om
    C:\is154890.0xe
    C:\sz.0xe
    C:\WINDOWS\is154890.exe
    C:\WINDOWS\service.0xe
    C:\WINDOWS\system32\awtRljJD.0ll
    C:\WINDOWS\system32\cuddnlhc.0xe
    C:\WINDOWS\system32\dpjlhnpe.dll
    C:\WINDOWS\system32\ffavjdax.dll
    C:\WINDOWS\system32\ghqhoyex.0ll
    C:\WINDOWS\system32\imxlmmgj.0ll
    C:\WINDOWS\system32\kkwikdiw.0ll
    C:\WINDOWS\system32\ntvkqvqi.dll
    C:\WINDOWS\system32\petvgsbf.0ll
    C:\WINDOWS\system32\qpfohcfh.0xe
    C:\WINDOWS\system32\qqanhbcx.0ll
    C:\WINDOWS\system32\rcmtopar.0ll
    C:\WINDOWS\system32\rfckarnl.0ll
    C:\WINDOWS\system32\romotosn.0ll
    C:\WINDOWS\system32\tdgrqmpu.0ll
    C:\WINDOWS\system32\tsgoonwv.0ll
    C:\WINDOWS\system32\vmhdkmmx.0xe
    C:\WINDOWS\system32\wpeibbkl.0ll
    C:\WINDOWS\system32\wqsacypx.0ll
    C:\WINDOWS\system32\xhbwiydg.0ll
    C:\WINDOWS\system32\xhvnirpo.0ll
    C:\WINDOWS\system32\ycnpudyl.0ll
    C:\WINDOWS\system32\yvmpbodu.0ll
    C:\WINDOWS\ups.0xe
    C:\WINDOWS\ups.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\bot.0xe
    C:\Documents and Settings\Mika\Application Data\TurvaPC
    C:\Documents and Settings\Mika\Application Data\TurvaPC\Logs\update.log
    C:\is154890.0xe
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    C:\Program Files\Seekmo Programs
    C:\Program Files\TurvaPC
    C:\Program Files\TurvaPC\data\GDCW.exe
    C:\sz.0xe
    C:\WINDOWS\BMffe3ea4e.xml
    C:\WINDOWS\is154890.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\service.0xe
    C:\WINDOWS\system32\awtRljJD.0ll
    C:\WINDOWS\system32\awttSiih.dll
    C:\WINDOWS\system32\bbxdwxpt.dll
    C:\WINDOWS\system32\bilnoich.ini
    C:\WINDOWS\system32\cuddnlhc.0xe
    C:\WINDOWS\system32\cuoritmx.dll
    C:\WINDOWS\system32\DJjlRtwa.ini
    C:\WINDOWS\system32\DJjlRtwa.ini2
    C:\WINDOWS\system32\dpjlhnpe.dll
    C:\WINDOWS\system32\epnhljpd.ini
    C:\WINDOWS\system32\fbsgvtep.ini
    C:\WINDOWS\system32\ffavjdax.dll
    C:\WINDOWS\system32\gbhaatlv.ini
    C:\WINDOWS\system32\ghqhoyex.0ll
    C:\WINDOWS\system32\imxlmmgj.0ll
    C:\WINDOWS\system32\jriocaeh.dll
    C:\WINDOWS\system32\kkwikdiw.0ll
    C:\WINDOWS\system32\kqbpikse.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdsosdut.ini
    C:\WINDOWS\system32\nsotomor.ini
    C:\WINDOWS\system32\ntvkqvqi.dll
    C:\WINDOWS\system32\petvgsbf.0ll
    C:\WINDOWS\system32\qpbnbhic.ini
    C:\WINDOWS\system32\qpfohcfh.0xe
    C:\WINDOWS\system32\qqanhbcx.0ll
    C:\WINDOWS\system32\qqedtmxl.ini
    C:\WINDOWS\system32\rcmtopar.0ll
    C:\WINDOWS\system32\rfckarnl.0ll
    C:\WINDOWS\system32\romotosn.0ll
    C:\WINDOWS\system32\rXEKRqss.ini
    C:\WINDOWS\system32\rXEKRqss.ini2
    C:\WINDOWS\system32\ssqRKEXr.dll
    C:\WINDOWS\system32\tdgrqmpu.0ll
    C:\WINDOWS\system32\tsewiqjp.ini
    C:\WINDOWS\system32\tsgoonwv.0ll
    C:\WINDOWS\system32\ugftimxj.dll
    C:\WINDOWS\system32\uviwvtyo.ini
    C:\WINDOWS\system32\widkiwkk.ini
    C:\WINDOWS\system32\vmhdkmmx.0xe
    C:\WINDOWS\system32\wpeibbkl.0ll
    C:\WINDOWS\system32\wqsacypx.0ll
    C:\WINDOWS\system32\xcbhnaqq.ini
    C:\WINDOWS\system32\xhbwiydg.0ll
    C:\WINDOWS\system32\xhvnirpo.0ll
    C:\WINDOWS\system32\xjwlymja.ini
    C:\WINDOWS\system32\ycnpudyl.0ll
    C:\WINDOWS\system32\yvmpbodu.0ll
    C:\WINDOWS\ups.0xe
    E:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-22 to 2008-06-22 )))))))))))))))))
    .

    2008-06-22 17:25 . 2008-06-22 17:32 <KANSIO> d----c--- C:\Program Files\Windows Live Safety Center
    2008-06-22 16:57 . 2008-06-22 16:57 <KANSIO> d----c--- C:\Program Files\Trend Micro
    2008-06-22 16:23 . 2008-06-22 17:19 466 ---hsc--- C:\WINDOWS\system32\epnhljpd.ini
    2008-06-21 19:05 . 2008-06-21 19:14 <KANSIO> d----c--- C:\Program Files\EA GAMES
    2008-06-19 11:43 . 2008-06-19 11:43 <KANSIO> d----c--- C:\Program Files\Steam-Down
    2008-06-16 19:35 . 2008-06-16 19:35 <KANSIO> d----c--- C:\Program Files\AviSynth 2.5
    2008-06-16 19:34 . 2008-06-16 19:34 <KANSIO> d----c--- C:\Program Files\Red Kawa
    2008-06-15 22:04 . 2005-01-01 23:45 <KANSIO> d----c--- C:\Documents and Settings\Ella\WINDOWS
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Verkkoympäristö
    2008-06-15 22:04 . 2005-01-01 23:49 <KANSIO> d----c--- C:\Documents and Settings\Ella\Työpöytä
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Tulostinympäristö
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Suosikit
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Omat tiedostot
    2008-06-15 22:04 . 2006-03-14 10:11 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Mallit
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Käynnistä-valikko
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> d----c--- C:\Documents and Settings\Ella
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 16:25 . 2008-06-10 16:51 51,072 --a--c--- C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-06-06 16:25 . 2008-06-10 16:51 30,016 --a--c--- C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\TurvaPC
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-06-05 17:20 . 2008-06-22 18:17 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-06-05 17:20 . 2008-06-05 17:20 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2008-06-03 14:53 . 2008-06-05 09:24 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Omat tiedostot
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Työpöytä
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> dr---c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Suosikit
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Käynnistä-valikko
    2008-06-03 13:42 . 2008-06-03 13:42 <KANSIO> d--h-c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Mallit
    2008-05-28 17:57 . 2008-06-17 02:22 <KANSIO> d----c--- C:\Program Files\iTunes
    2008-05-28 17:57 . 2008-05-28 17:57 <KANSIO> d----c--- C:\Program Files\iPod
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Common Files\Apple
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Apple Software Update
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-27 19:21 . 2008-02-18 11:16 30,464 --a--c--- C:\WINDOWS\system32\drivers\usbaapl.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 15:23 --------- dc----w C:\Program Files\ZipCentral
    2008-06-22 10:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\uTorrent
    2008-06-21 19:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\Skype
    2008-06-20 17:41 --------- dc----w C:\Program Files\DC++
    2008-06-19 12:13 --------- dc----w C:\Program Files\Ski Jump International
    2008-06-19 12:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-06-12 09:38 --------- dc----w C:\Program Files\PAFPoker
    2008-06-10 13:57 --------- dc----w C:\Program Files\dna Nettiturva
    2008-06-06 13:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-06-06 13:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-06-05 14:50 --------- dc----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-06-05 14:48 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-05-27 16:24 --------- dc----w C:\Program Files\QuickTime
    2008-05-27 16:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 13:13 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-15 13:13 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 -c--a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 -c--a-w C:\WINDOWS\system32\msjint40.dll
    2007-10-06 18:14 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32(2).exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-22_15.43.10.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-22 12:36:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-22 15:15:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-29 05:49:06 456,768 -c--a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 05:05 339968]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 13:52 1836544]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]

    C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    AutoTBar.exe [2003-09-30 23:30:04 57344]

    C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    AutoTBar.exe [2003-09-30 23:30:04 57344]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-25 13:21:12 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-25 13:19:12 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-10 16:51]
    R0 Stealth;Stealth;C:\WINDOWS\system32\DRIVERS\stealth.sys [2002-06-21 10:58]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-06-10 16:50]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-18 07:26:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-22 13:42:34 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\DNANET~1\ANTI-V~1\report.txt
    "2008-06-22 15:36:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 18:37:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-22 18:39:00
    ComboFix-quarantined-files.txt 2008-06-22 15:38:55

    Pre-Run: 6,213,558,272 tavua vapaana
    Post-Run: 6,204,633,088 tavua vapaana

    281 --- E O F --- 2008-06-21 07:46:48






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:41:38, on 22.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.238.88.64:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 13639 bytes
     
  5. mAtu_


    I did the things mentioned in both sets of instructions. Hopefully it went right.


    ComboFix 08-06-20.4 - Mika 2008-06-22 18:34:15.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.201 [GMT 3:00]
    Running from: C:\Documents and Settings\Mika\Työpöytä\SFScript.exe
    Command switches used :: C:\Documents and Settings\Mika\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\bot.0xe
    C:\irc.0om
    C:\is154890.0xe
    C:\sz.0xe
    C:\WINDOWS\is154890.exe
    C:\WINDOWS\service.0xe
    C:\WINDOWS\system32\awtRljJD.0ll
    C:\WINDOWS\system32\cuddnlhc.0xe
    C:\WINDOWS\system32\dpjlhnpe.dll
    C:\WINDOWS\system32\ffavjdax.dll
    C:\WINDOWS\system32\ghqhoyex.0ll
    C:\WINDOWS\system32\imxlmmgj.0ll
    C:\WINDOWS\system32\kkwikdiw.0ll
    C:\WINDOWS\system32\ntvkqvqi.dll
    C:\WINDOWS\system32\petvgsbf.0ll
    C:\WINDOWS\system32\qpfohcfh.0xe
    C:\WINDOWS\system32\qqanhbcx.0ll
    C:\WINDOWS\system32\rcmtopar.0ll
    C:\WINDOWS\system32\rfckarnl.0ll
    C:\WINDOWS\system32\romotosn.0ll
    C:\WINDOWS\system32\tdgrqmpu.0ll
    C:\WINDOWS\system32\tsgoonwv.0ll
    C:\WINDOWS\system32\vmhdkmmx.0xe
    C:\WINDOWS\system32\wpeibbkl.0ll
    C:\WINDOWS\system32\wqsacypx.0ll
    C:\WINDOWS\system32\xhbwiydg.0ll
    C:\WINDOWS\system32\xhvnirpo.0ll
    C:\WINDOWS\system32\ycnpudyl.0ll
    C:\WINDOWS\system32\yvmpbodu.0ll
    C:\WINDOWS\ups.0xe
    C:\WINDOWS\ups.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\bot.0xe
    C:\Documents and Settings\Mika\Application Data\TurvaPC
    C:\Documents and Settings\Mika\Application Data\TurvaPC\Logs\update.log
    C:\is154890.0xe
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    C:\Program Files\Seekmo Programs
    C:\Program Files\TurvaPC
    C:\Program Files\TurvaPC\data\GDCW.exe
    C:\sz.0xe
    C:\WINDOWS\BMffe3ea4e.xml
    C:\WINDOWS\is154890.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\service.0xe
    C:\WINDOWS\system32\awtRljJD.0ll
    C:\WINDOWS\system32\awttSiih.dll
    C:\WINDOWS\system32\bbxdwxpt.dll
    C:\WINDOWS\system32\bilnoich.ini
    C:\WINDOWS\system32\cuddnlhc.0xe
    C:\WINDOWS\system32\cuoritmx.dll
    C:\WINDOWS\system32\DJjlRtwa.ini
    C:\WINDOWS\system32\DJjlRtwa.ini2
    C:\WINDOWS\system32\dpjlhnpe.dll
    C:\WINDOWS\system32\epnhljpd.ini
    C:\WINDOWS\system32\fbsgvtep.ini
    C:\WINDOWS\system32\ffavjdax.dll
    C:\WINDOWS\system32\gbhaatlv.ini
    C:\WINDOWS\system32\ghqhoyex.0ll
    C:\WINDOWS\system32\imxlmmgj.0ll
    C:\WINDOWS\system32\jriocaeh.dll
    C:\WINDOWS\system32\kkwikdiw.0ll
    C:\WINDOWS\system32\kqbpikse.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdsosdut.ini
    C:\WINDOWS\system32\nsotomor.ini
    C:\WINDOWS\system32\ntvkqvqi.dll
    C:\WINDOWS\system32\petvgsbf.0ll
    C:\WINDOWS\system32\qpbnbhic.ini
    C:\WINDOWS\system32\qpfohcfh.0xe
    C:\WINDOWS\system32\qqanhbcx.0ll
    C:\WINDOWS\system32\qqedtmxl.ini
    C:\WINDOWS\system32\rcmtopar.0ll
    C:\WINDOWS\system32\rfckarnl.0ll
    C:\WINDOWS\system32\romotosn.0ll
    C:\WINDOWS\system32\rXEKRqss.ini
    C:\WINDOWS\system32\rXEKRqss.ini2
    C:\WINDOWS\system32\ssqRKEXr.dll
    C:\WINDOWS\system32\tdgrqmpu.0ll
    C:\WINDOWS\system32\tsewiqjp.ini
    C:\WINDOWS\system32\tsgoonwv.0ll
    C:\WINDOWS\system32\ugftimxj.dll
    C:\WINDOWS\system32\uviwvtyo.ini
    C:\WINDOWS\system32\widkiwkk.ini
    C:\WINDOWS\system32\vmhdkmmx.0xe
    C:\WINDOWS\system32\wpeibbkl.0ll
    C:\WINDOWS\system32\wqsacypx.0ll
    C:\WINDOWS\system32\xcbhnaqq.ini
    C:\WINDOWS\system32\xhbwiydg.0ll
    C:\WINDOWS\system32\xhvnirpo.0ll
    C:\WINDOWS\system32\xjwlymja.ini
    C:\WINDOWS\system32\ycnpudyl.0ll
    C:\WINDOWS\system32\yvmpbodu.0ll
    C:\WINDOWS\ups.0xe
    E:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-22 to 2008-06-22 )))))))))))))))))
    .

    2008-06-22 17:25 . 2008-06-22 17:32 <KANSIO> d----c--- C:\Program Files\Windows Live Safety Center
    2008-06-22 16:57 . 2008-06-22 16:57 <KANSIO> d----c--- C:\Program Files\Trend Micro
    2008-06-22 16:23 . 2008-06-22 17:19 466 ---hsc--- C:\WINDOWS\system32\epnhljpd.ini
    2008-06-21 19:05 . 2008-06-21 19:14 <KANSIO> d----c--- C:\Program Files\EA GAMES
    2008-06-19 11:43 . 2008-06-19 11:43 <KANSIO> d----c--- C:\Program Files\Steam-Down
    2008-06-16 19:35 . 2008-06-16 19:35 <KANSIO> d----c--- C:\Program Files\AviSynth 2.5
    2008-06-16 19:34 . 2008-06-16 19:34 <KANSIO> d----c--- C:\Program Files\Red Kawa
    2008-06-15 22:04 . 2005-01-01 23:45 <KANSIO> d----c--- C:\Documents and Settings\Ella\WINDOWS
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Verkkoympäristö
    2008-06-15 22:04 . 2005-01-01 23:49 <KANSIO> d----c--- C:\Documents and Settings\Ella\Työpöytä
    2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Tulostinympäristö
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Suosikit
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Omat tiedostot
    2008-06-15 22:04 . 2006-03-14 10:11 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Mallit
    2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Käynnistä-valikko
    2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> d----c--- C:\Documents and Settings\Ella
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 16:25 . 2008-06-10 16:51 51,072 --a--c--- C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-06-06 16:25 . 2008-06-10 16:51 30,016 --a--c--- C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\TurvaPC
    2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-06-05 17:20 . 2008-06-22 18:17 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-06-05 17:20 . 2008-06-05 17:20 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2008-06-03 14:53 . 2008-06-05 09:24 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Omat tiedostot
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Työpöytä
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> dr---c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Suosikit
    2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Käynnistä-valikko
    2008-06-03 13:42 . 2008-06-03 13:42 <KANSIO> d--h-c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Mallit
    2008-05-28 17:57 . 2008-06-17 02:22 <KANSIO> d----c--- C:\Program Files\iTunes
    2008-05-28 17:57 . 2008-05-28 17:57 <KANSIO> d----c--- C:\Program Files\iPod
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Common Files\Apple
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Apple Software Update
    2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-27 19:21 . 2008-02-18 11:16 30,464 --a--c--- C:\WINDOWS\system32\drivers\usbaapl.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 15:23 --------- dc----w C:\Program Files\ZipCentral
    2008-06-22 10:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\uTorrent
    2008-06-21 19:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\Skype
    2008-06-20 17:41 --------- dc----w C:\Program Files\DC++
    2008-06-19 12:13 --------- dc----w C:\Program Files\Ski Jump International
    2008-06-19 12:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-06-12 09:38 --------- dc----w C:\Program Files\PAFPoker
    2008-06-10 13:57 --------- dc----w C:\Program Files\dna Nettiturva
    2008-06-06 13:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-06-06 13:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-06-05 14:50 --------- dc----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-06-05 14:48 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-05-27 16:24 --------- dc----w C:\Program Files\QuickTime
    2008-05-27 16:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 13:13 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-15 13:13 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 -c--a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 -c--a-w C:\WINDOWS\system32\msjint40.dll
    2007-10-06 18:14 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32(2).exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-22_15.43.10.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-22 12:36:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-22 15:15:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-29 05:49:06 456,768 -c--a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 05:05 339968]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 13:52 1836544]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]

    C:\Documents and Settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    AutoTBar.exe [2003-09-30 23:30:04 57344]

    C:\Documents and Settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    AutoTBar.exe [2003-09-30 23:30:04 57344]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-25 13:21:12 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-25 13:19:12 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-10 16:51]
    R0 Stealth;Stealth;C:\WINDOWS\system32\DRIVERS\stealth.sys [2002-06-21 10:58]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-06-10 16:50]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-18 07:26:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-22 13:42:34 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\DNANET~1\ANTI-V~1\report.txt
    "2008-06-22 15:36:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 18:37:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-22 18:39:00
    ComboFix-quarantined-files.txt 2008-06-22 15:38:55

    Pre-Run: 6,213,558,272 tavua vapaana
    Post-Run: 6,204,633,088 tavua vapaana

    281 --- E O F --- 2008-06-21 07:46:48








    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:45:59, on 22.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.238.88.64:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 13639 bytes
     
  6. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message + a new hjt log.
     
  7. mAtu_

    mAtu_ Member

    Malwarebytes' Anti-Malware 1.18
    Tietokantaversio: 878

    20:18:02 22.6.2008
    mbam-log-6-22-2008 (20-18-02).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|K:\|)
    Tarkistetut kohteet: 151372
    Kulunut aika: 1 hour(s), 5 minute(s), 57 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 12
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 9
    Saastuneita tiedostoja: 275

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\history (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\history\1873703 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\promo (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\bot.0xe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\TurvaPC\data\GDCW.exe.vir (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\service.0xe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\awtRljJD.0ll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\awttSiih.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cuddnlhc.0xe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\dpjlhnpe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\kkwikdiw.0ll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\petvgsbf.0ll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\qpfohcfh.0xe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\qqanhbcx.0ll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqRKEXr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tsgoonwv.0ll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vmhdkmmx.0xe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP544\A0129135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP545\A0130610.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP545\A0130634.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP545\A0130636.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP545\A0130638.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP545\A0130639.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP550\A0130955.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP550\A0132104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP552\A0132211.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP552\A0132212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134520.0xe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134521.0xe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134523.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134524.0xe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP555\A0134527.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP557\A0138248.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP557\A0138249.0om (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP559\A0138623.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP561\A0139511.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP561\A0139515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP562\A0139617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    K:\Documents and Settings\administrator\Local Settings\Temp\GLK18.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    K:\Documents and Settings\administrator\Local Settings\Temp\GLK1A.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    K:\Documents and Settings\administrator\Local Settings\Temp\GLKD.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    K:\Documents and Settings\administrator\Local Settings\Temp\GLKF.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    K:\System Volume Information\_restore{69A63179-8C86-43C9-BB44-847486B0E565}\RP84\A0069108.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    K:\WINDOWS\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\creditdebit.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\id.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\msvcp71.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\msvcr71.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\poker.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\poker.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sc.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\shfolder.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\texas.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\zlib1.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\base.css (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_close.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_filters_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_filters_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_game.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_general.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_join.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_main.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_minmax.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_sublevels_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\but_sublevels_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\chatbubble.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\chips.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\decktype_settings.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\history.html (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\main.js (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tabs_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\history\1873703\stats_GAME_THM.xml (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\PAF Diamond Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:21:26, on 22.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.238.88.64:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e4ab05b8cdeb4a9c810de1879497a108
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 13639 bytes
     
